This paper presents artificial intelligence (AI) techniques based on deep learning algorithms to diagnose false data injection (FDI) attacks on smart grids from measurement data in real time. Power and data flow bidirectionally between end-user consumers and all components of the advanced metering infrastructure (AMI) and supervisory control and data acquisition (SCADA) system in the smart grid (SG) over advanced communication networks. For all the advantages the SG comes with, it remains at risk from many potential threats and ongoing attacks. The conditional deep belief network (CDBN) architecture is employed to detect unobservable FDI attacks that pass the state vector estimator (SVE) mechanisms. The IEEE 118 bus and IEEE 300 bus power systems have been used to evaluate our detection scheme. Finally, the suggested CDBN scheme is compared with other detection schemes such as artificial neural network (ANN) and support vector machine (SVM). The simulation results show that the suggested detection methods can attain a high accuracy for unobservable FDI attacks.

Keywords: Smart grid; Threats and attacks
1. INTRODUCTION

The distribution systems of the traditional electric grid convey energy produced at centralized plants to customers over high-voltage transmission lines. These grids have many defects, including the inability to involve various sources and green energy, costly assets, time-consuming demand response, greenhouse emissions, and blackouts [1]. These issues cannot be addressed with the conventional grid. Therefore, the smart grid (SG) is used to solve the issues mentioned above: the SG enables the management and distribution of power flow and information in two directions using information and communications technologies (ICT) [2]. The smart grid offers flexibility via distributed generation, reliability via self-healing, and efficiency through load balancing and the use of intelligent devices [3]. The SG can combine renewable energy resources such as solar photovoltaic cells and wind, and its major components are household appliances, renewable energy resources, smart meters and devices, and utility centers [4]. The communication networks in smart grids are the core network, wide area network (WAN), neighborhood area network (NAN), and local area network (HAN), which are implemented with real-time control in order to realize reliability. A core network is used for long distances, is based on fiber optic cables, and has two standards, OpenADR and IEEE 2030.5 power assets [5]. High-performance WANs can be realized using long term evolution (LTE) networks. A neighborhood ZigBee network receives state data from the WAN and delivers it to residential buildings and consumers. ZigBee has low power dissipation and connects smart meters to the networks based on IEEE 802.15.4. WiMAX and 3G/LTE technologies are used for communication and to connect the house appliances to smart meters [6].

Many published papers present general problems of cyber-security in the SG infrastructure. Rawat and Bajracharya [7] presented a study of the challenges and vulnerabilities existing in SG cyber security. They classified attacks based on the LAN, NAN, and WAN networks. The authors studied the impact of each threat and attack on data security: the confidentiality of customers' data using encryption techniques such as AES, the integrity of the system and of the data flow between users and the SCADA system, and the availability of advanced metering infrastructure (AMI) devices for users.

Sakhnini et al. [8] analyze three different supervised learning techniques and three types of feature selection (FS) techniques, implemented on the IEEE 14, 57, and 118 bus systems for estimation of fluctuation. The IEEE bus systems were used to test the detection of false data injection (FDI) attacks with supervised learning algorithms. High detection performance was obtained by integrating the learning algorithms with heuristic FS methods.

In this study, some notable recent attacks, threats, and security vulnerabilities against SG infrastructures are described. This paper presents AI techniques based on deep learning algorithms to diagnose FDI attacks on smart grids from measurement data in real time. The performance of the suggested detection method is inspected through the effect of the following points: first, the amount of compromised data samples; next, the level of noise produced by the environment; and finally, the threshold level suggested for the SVE. The CDBN architecture is employed to detect unobservable FDI attacks that pass the SVE mechanisms. Afterward, we evaluate our proposed detection against the artificial neural network (ANN) and support vector machine (SVM).


2. SMART GRID ATTACKS AND CYBER-SECURITY PRINCIPLES 

SG systems contain many units, such as phasor measurement units (PMUs), sectional control, power production, ICT technology, intelligent electronic devices (IEDs), smart meters and devices, remote terminal units, human-machine interfaces (HMIs), and protocol gateways [9]. The SCADA system provides control and observation of the electric grid units in real time. The AMI is the combination of the utility control units and smart devices. The power transmission lines of the SG can be implemented using internet of things (IoT) technologies, which reduces the cost of transferring power and data from utilities to customers and vice versa. The SG supports the environment by eliminating greenhouse carbon emissions and provides independence from fossil fuels through the use of hybrid electric vehicles (HEVs) [10].

The security requirements of smart power grids are the confidentiality-integrity-availability (CIA) triad. The National Institute of Standards and Technology (NIST) has identified three standards needed to preserve the security of data in the SG, specifically the CIA triad. In general, confidentiality preserves reasonable boundaries on the access to and disclosure of information. Integrity in the SG means protecting against manipulation of the information in customers' bills. Availability is reliable access of consumers to their private information [11]. Cyber-security issues are one of the important disadvantages of SG development. The problems of SG cyber-security involve realizing the CIA security services of the system and intelligent technology. The CIA triad is fundamental to the protection of the energy management units. The aim of SG cyber-security must be to protect data with the CIA services [12]. Wide-spread energy blackouts of energy resources in the smart grid have been rising because of cyber-attacks. Therefore, the cyber-attacks on SG security have been categorized in three ways by the CIA triad, as shown in Table 1.

There are many cyber-attacks on smart grids, classified according to network layers. The network layers are the application, transport, MAC, and physical layers. Attacks in the application layer can penetrate a system that has limited computing resources through a flood attack. In addition, the denial-of-service attack aims to exhaust resources in the system such as memory, CPU, or bandwidth [13]. Spoofing attacks are a pernicious threat in the MAC layer. The main target of this attack in the SG is the phasor measurement unit (PMU); by exploiting the item range in a layer framework, it can deny or forward dummy data to other devices [14]. Transport layer attacks such as TCP and UDP flooding target the availability objective for users, so the base system cannot receive valid data flows. A man-in-the-middle (MITM) attack can proceed through IP spoofing to deny the connection. The most important prevention against MITM is using a good encryption algorithm. In this layer, an IDS is an efficient security solution for detecting vulnerability exploits by attackers against computers and systems [15]. In the physical layer, the jamming attack is an important, dangerous type that occurs in wireless networks.

A systematic approach is used to analyze the following types of attack. Figure 1 shows a description of the system as a control center and smart grid [16]. The whole system contains control centers for SCADA, wide area measurement system (WAMS) technologies, inputs, and relevant outputs.
Table 1. SG cyber attacks classification

| Cyber-security objective | Attack type | Solution |
| Confidentiality | Eavesdropping, traffic analysis, unauthorized access, password pilfering, MITM, replay, masquerading, data injection attacks. | Authentication processes, and encryption. |
| Integrity | Tampering, replay, false data injection, spoofing, data modification, time synchronization, masquerading, load drop attacks. | Power fingerprinting technique, Volt-var control, trusted network connect, authenticity, and non-repudiation. |
| Availability | Jamming, denial of service (DoS), low-rate DoS, buffer overflow, teardrop, time synchronization, masquerading, MITM, spoofing attacks. | Traffic filtering, big pipes, anomaly detection approaches and applying air-gapped network. |


[Figure 1 labels: Energy generation | Grid network | Distribution network. External influences: legislation, political situation, available technologies. Services reflecting: international agreements; functional and reliable energy supply.]

Figure 1. Smart grid systematic approach [16]


2.1. NAN and HAN networks 

Advanced encryption standard counter (AES-CTR) algorithms are used for the detection of some attacks that exist in the HAN and WAN networks, such as DoS and spoofed annunciation packets. The communication is realized via ZigBee network technology. The same keys are used on multiple access control lists (ACLs), and an encryption value is turned on when electricity is stolen. This encryption algorithm detects MITM attacks and MAC and point spoofing via radio spectrum congestion that exists in the Wi-Fi topology. MITM attacks sent over a WiMAX network forge messages to the server, which increases the end user's energy and jamming [17].


2.2. SCADA systems 

SCADA serves as the backbone of several critical infrastructures. The SCADA system provides control and observation of the electric grid units in real time. The AMI is the combination of the utility control units and smart devices. As a result, it is critically important to analyse cyber risks associated with the industrial SCADA system. There are many vulnerabilities in the data networks of SCADA systems, such as security problems in the operating system, mistaken management, weak account and password requirements for access, software errors on the hosting server exposed to DoS threats, and finally faulty firewall configuration that leads to insufficient network infrastructure security [18].


2.3. Advanced metering infrastructure attack 

Unauthorized data access and modification, data theft, physical harm to the tools, insertion of malicious software and devices, data integrity blocking, and data leaks via persons: these risks threaten the AMI devices found in SG systems. Examples include communication attacks such as the femtocell attack on GPRS service, physical attacks that require access to the metering device to measure power consumption, and over-voltage attacks on the metering device that destroy its electronic circuits. The connection between the metering devices and the communication infrastructure is disabled by damage to the antenna, a type of attack called mechanical damage [19].


2.4. IP spoofing attacks 

IP address spoofing is the practice of faking the data in the source IP header, typically using random numbers, in order to conceal the identity of the sender or conduct a mirrored DDoS attack. It is a major attack on IP networks in both IPv4 and IPv6. The use of IPsec in IPv6 is only recommended, making its security very similar to that of IPv4.
3. ARTIFICIAL INTELLIGENCE TECHNIQUES IN SG

Many countermeasures exist to detect and prevent cyber-attacks, such as encryption algorithms, VPNs, firewalls, antivirus software, IDS, and access control. From a security management viewpoint, the countermeasures must include risk estimation for the resources behind an attack, exchange and management of secret keys, and vulnerability reporting [20]. Different security strategies offer defense solutions through AI, machine learning (ML), certificate authenticity (CA), and proactive real-time IPS-IDS. These methods provide adaptable, flexible, and patient security technology. A secure framework requires the following: authenticity and access control of the system, detection and countermeasure procedures, cryptographic functions at every node in the grid, and security of network protocols in the MAC layer.

The AI techniques used in the SG aggregate multiple data about the operation of the SG by combining AMI, control systems, and communication. These techniques can be classified into fuzzy systems and artificial neural networks (ANNs) [21]. ML is a part of AI and just one way to build AI systems [22]. AI may learn by supervised, unsupervised, and reinforcement learning methods, which can overcome the limitations and realize better performance [23]. ANN techniques address the detection rate and detection time of threats and attacks and state a clean solution [24].


3.1. Load forecasting attacks 

The load forecast (LF) is the most important factor in the operation of any power system. System operators and utilities use forecast models with input features such as historical loads and weather forecasts to help with commitment and dispatch decisions. As the forecasting techniques become more sophisticated, however, they also become more vulnerable to cybersecurity threats. To solve the LF issues, deep learning (DL) algorithms based on convolutional neural network (CNN), wavelet neural network (WNN), and ANN schemes are used [25].


3.2. Power grid stability assessments 

The power grid stability assessment represents the reliability and security of the power system and covers many kinds of stability, such as transient, frequency, small-signal, and voltage stability. Stability means the ability of the power system to stay at an equilibrium operating state after a perturbation. AI methods are used to analyze these assessments, which have been applied to the power grid because of the development of PMUs [26].


3.3. Fault detection (FD)

FD on the transmission lines of energy plants uses long short-term memory (LSTM) networks and the state estimation matrix (x). LSTM uses the RNN model in the smart grid. FD represents one of the biggest challenges for the progress of the micro-grid, which offers an efficient way to integrate distributed power resources, and the k-nearest neighbor (KNN) algorithm can be used to prevent FD attacks [27].


3.4. Smart grid security 

SGs are exposed to many security issues because of the complexity of the SG system and the weakness of communication technologies. A cyber-attack on the network causes failures in operation and power supply and loss of synchronization, along with complete electricity theft. FDI and distributed DoS are attacks on SG networks [28]. To prevent and detect these threats, overall security must be improved. Many approaches have used state-of-the-art intelligent technology. ANN and SVE were used previously to detect FDI. Table 2 summarizes some intelligent techniques for SG security.

FDI attacks target secure data integrity and threaten the SCADA system, even though the smart grid has improved the control of infrastructure through ICT and intelligent devices. FDI increases the rate of electricity theft through the state estimator's measured load profile data in real time. To diagnose the behavior features of FDI in measurement data, the deep learning technique is used to detect FDI attacks [29]. To maintain the efficiency of the power grid, system state estimation is used; it measures the bus voltages, bus power flows, and load profiles with the remote transducer units, as shown in Figure 2. These measured values are then sent to a SCADA system, which analyzes the data and sends it back to the units called remote terminal units (RTUs) to make the operating system more reliable [30].


Let $z = [z_1, z_2, \ldots, z_m]^T \in \mathbb{R}^m$ (1)
Let $x = [x_1, x_2, \ldots, x_n]^T \in \mathbb{R}^n$ (2)
Let $e = [e_1, e_2, \ldots, e_m]^T \in \mathbb{R}^m$ (3)

where $z$ is the measurement vector, $x$ is the state vector, and $e$ is the measurement error vector. The observation model in the DC power flow is given by (4), where $H$ is the Jacobian state matrix of the power system.

$z = Hx + e$ (4)

Using the minimum mean square error as the statistical criterion, the state estimate $\hat{x}$ can be calculated by (5), where $\Lambda$ is a diagonal matrix of the system.

$\hat{x} = (H^T \Lambda H)^{-1} H^T \Lambda z$ (5)

The FDI attackers are able to detect a finite number of state load profiles and also have information about the Jacobian matrix $H$ of the system. The observation model under these FDI attacks can be described with an additive attack, the vector $a$.

$z_a = Hx + a + e$ (6)


Table 2. Intelligent approaches of security for SG networks

| Objects | Mechanism |
| Intrusion detection | Reinforcement learning (RL) |
| Detect malicious voltage control | ANN |
| Attack detection | KNN, SVM |
| Survey | Data-driven approach |


[Figure 2 labels: Sensors/Meters; Control Center; RTUs]

Figure 2. Communication structure of RTU sensors and control systems


Real-time mechanisms for detecting FDI attacks consist of an SVE unit and a deep learning based identification (DLBI) scheme, as shown in Figure 3. The measurement data quality is evaluated by the SVE unit in real time by finding the $\ell_2$-norm as described in (7). The result $\eta$ calculated from (7) is compared with a pre-determined threshold level $\tau$. The SVE records an attack alarm if $\eta > \tau$, meaning the estimated data is penetrated information.

$\eta = \|z - H\hat{x}\|_2 > \tau$: attack alarm is reported.
$\eta = \|z - H\hat{x}\|_2 < \tau$: no attack is reported. (7)

where $\|\cdot\|_2$ denotes the $\ell_2$-norm operation. If $\tau$ is very low, the SVE system reduces the false alerts on FDI detection, while if $\tau$ is very high, the SVE unit increases the processing load of the DLBI unit.

The compromised measurement $z_a^*$ cannot be disclosed by the SVE unit because of the FDI attack's ability to evade it. Therefore, the DLBI is used to detect the unobservable FDI attacks; it consists of two fundamental mechanisms in parallel based on (7): modifying the conditional deep belief network (CDBN) architecture via the training procedure, and diagnosing FDI by real-time updating of the current CDBN. The DLBI scheme assigns the label l = 1 when FDI attacks are present in the collected data measurements, and the label l = 0 when no FDI occurs. Otherwise, the vector is kept unlabeled.
Figure 3. Detecting FDI attacks using deep learning in real time
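The residual test of (5) and (7) and the gap it leaves for the DLBI stage, as an added example that is not code from the paper. It goes beyond the text by using the standard result that an injection lying in the column space of H leaves the residual unchanged; the 5-measurement, 2-state matrix H, the weights, the noise, and τ = 0.1 are constructed values, and all function names are hypothetical.

```python
import math

def transpose(A):
    return [list(col) for col in zip(*A)]

def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < 1e-12:
            raise ValueError("H^T Lambda H is singular: state not observable")
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            M[r] = [mr - f * mc for mr, mc in zip(M[r], M[col])]
    x = [0.0] * n
    for i in reversed(range(n)):
        s = sum(M[i][k] * x[k] for k in range(i + 1, n))
        x[i] = (M[i][n] - s) / M[i][i]
    return x

def wls_estimate(H, lam, z):
    """Equation (5): x_hat = (H^T Lambda H)^-1 H^T Lambda z, Lambda = diag(lam)."""
    Ht = transpose(H)
    HtL = [[h * w for h, w in zip(row, lam)] for row in Ht]  # H^T Lambda
    gain = [matvec(Ht, row) for row in HtL]                  # H^T Lambda H
    return solve(gain, matvec(HtL, z))

def sve_check(H, lam, z, tau):
    """Equation (7): eta = ||z - H x_hat||_2; the alarm is raised when eta > tau."""
    x_hat = wls_estimate(H, lam, z)
    r = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    eta = math.sqrt(sum(ri * ri for ri in r))
    return eta, x_hat, eta > tau

# Constructed toy system (not IEEE 118/300 data): 5 measurements, 2 states.
H = [[1.0, 0.0], [0.0, 1.0], [1.0, -1.0], [1.0, 1.0], [2.0, 1.0]]
LAM = [1.0, 1.0, 2.0, 2.0, 4.0]             # diagonal of Lambda (assumed weights)
X_TRUE = [1.0, 0.5]                         # constructed true state
NOISE = [0.01, -0.02, 0.015, -0.005, 0.01]  # constructed error vector e
TAU = 0.1                                   # constructed SVE threshold
C_SHIFT = [0.2, -0.1]                       # state bias behind the aligned injection

def measure(a):
    """Equation (6): z_a = Hx + a + e (a = 0 gives the clean model (4))."""
    return [h + ai + ei for h, ai, ei in zip(matvec(H, X_TRUE), a, NOISE)]

def run_cases():
    """Return {case: (eta, x_hat, alarm)} for three injection vectors a."""
    cases = {
        "clean": [0.0] * 5,
        "naive": [0.0, 0.0, 0.5, 0.0, 0.0],  # one meter altered on its own
        "aligned": matvec(H, C_SHIFT),       # a = Hc, consistent with the model
    }
    return {name: sve_check(H, LAM, measure(a), TAU) for name, a in cases.items()}

if __name__ == "__main__":
    for name, (eta, x_hat, alarm) in run_cases().items():
        print(f"{name:8s} eta={eta:.4f} alarm={alarm} x_hat={x_hat}")
```

The aligned case raises no alarm although the estimate moves by C_SHIFT, which is why a second-stage detector that looks at the measurements themselves is needed behind the SVE.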


4. IDENTIFICATION SCHEME BASED ON DEEP LEARNING ALGORITHMS 

Electricity theft through FDI intrusion is modeled with the following assumptions about the attackers: i) they have information about the structure of the system; ii) they are capable of corrupting state measurement data such as load profiles; iii) they understand the SVE mechanism without the threshold level; and iv) they steal electricity and modify the measurement data.

In general, the SVE is the most widely used mechanism to detect FDI attacks. Therefore, the third assumption of the threat model above is reasonable. An optimization model, such as the sequential quadratic programming (SQP) algorithm, is used to fix and prevent FDI attacks as described in [31]. This algorithm transforms the main problem into QP sub-problems and solves them through numerical iteration. The sub-problems are then solved by the SQP method as a sequence of optimizations.

As mentioned above, the DLBI unit is developed to detect the penetrated data that passed the SVE mechanism. It connects the deep belief network (DBN) structure with conditional Gaussian-Bernoulli restricted Boltzmann machines (CGBRBM), which are capable of responding to the input values in real time. The CDBN uses the 1st hidden layer and k-1 further stages, where k is the number of hidden layers of the CDBN, as shown in Figure 4. For detection of the FDI, the output unit shows whether or not FDI attacks have compromised the data.

The unsupervised training process of the CDBN structure is described by the energy function in (8), where $v_j$ is the j-th component of the visible vector, $h_i$ is the i-th element of the hidden-unit vector, $w_{ij}$ is the ij-th element of the weight matrix between the visible units and hidden units, and $d_i$ and $c_j$ stand for the i-th and j-th elements of the weight matrix between the visible units and hidden units.
Figure 4. Design of the CDBN architecture
The structure of the CGBRBM designed for our CDBN architecture, which has (N+1) visible layers and one hidden layer, is illustrated in Figure 5. The energy function of the CGBRBM is given in (9), where n is the number of visible windows and $\sigma_j$ is the standard deviation of the j-th part of the visible vectors.

$E(v_t, \ldots, v_{t-N}, h) = -\sum_i \sum_j w_{ij} h_i \frac{v_j}{\sigma_j} - \sum_i d_i h_i + \sum_j \frac{(v_j - c_j)^2}{2\sigma_j^2}$ (9)


[Figure 5 labels: Hidden Layer; Visible Layer (t-N), Visible Layer (t-1), Visible Layer (t)]

Figure 5. The CGBRBM structure for our suggested CDBN unit


In this paper, the performance of our detection mechanism is illustrated using the IEEE 118 bus system, as shown in Figure 6 and detailed in [32]. The IEEE 300 bus power system, described in [33], is a larger-scale test system that we use to assess the scalability of our work. Our approach uses load profiles obtained from the real world, a specific portion of which are certified to contain contaminated data. The DLBI scheme needs enough labeled compromised data for training the CDBN structure. The real-world data must therefore be extended using several analyses and techniques, such as the Fourier transform and principal component analysis, to create more vulnerable data with the same pattern as the real-world data. Finally, we obtain enough compromised load profiles to effectively implement our DLBI scheme by integrating real data with artificially generated data. It is reasonable to assume that just a few load profiles can be corrupted by FDI attacks. Therefore, we assume that FDI attacks in the IEEE 118 and IEEE 300 buses, respectively, can corrupt up to 64 and 231 loads. Figure 7 illustrates a typical load profile for one day.

To evaluate our real-time technique for FDI attacks, a case study was carried out on the effect of several factors on detection accuracy, such as the number of load profiles, the level of environment noise, and the threshold $\tau$ of the SVE unit. We also compare the performance of the DLBI scheme with ANN-based and SVM-based schemes to demonstrate the effectiveness of the CDBN structure. The accuracy of the CDBN scheme on unobservable attacks with different hidden layers is given by the case study and described in Table 3.


Figure 6. IEEE 118 bus power test system [32] 
Figure 7. IEEE 118 bus power test system [32]


Table 3. Different elements of the hidden-layers of the FDI CDBNs unobservable attacks with the accuracy detecting

Accuracy (%)
| | 3 hidden layers | 4 hidden layers | 5 hidden layers |
| 32 | 94 | 94.6 | 95.6 |
| 40 | 96.2 | 96.6 | 96.7 |
| 48 | 96.6 | 96.9 | 97 |
| 56 | 97.9 | 98 | 97.9 |
| 64 | 97.7 | 98 | 98 |

As is clear from the table, the accuracy increases with the number of hidden layers of the CDBN unit. Therefore, the CDBN has five hidden layers to achieve good detection accuracy [31]. We investigate how the number of load profiles, the noise in data acquisition, and the SVE detection threshold affect the effectiveness of our detection method. First, Figure 8 shows the accuracy attained by our technique alongside the ANN and SVM schemes. The CDBN-based deep learning algorithm achieves the highest accuracy of the three methods. Next, we examine the effect of noise on the acquired data, keeping both the number of load profiles and the threshold constant.

Figure 9 illustrates the relationship between noise and accuracy. As is clear from this figure, when the noise level increases, the accuracy of the three structures decreases, with the loads and $\tau$ set to 64 and 10, respectively. As mentioned above, the attackers are aware of the SVE's threshold. As a result, when the SVE detection threshold rises, the attack raises the value of the fake data, potentially leading to a greater disparity between the forms of compromised and real data. We can see that when $\tau < 10$, the CDBN design can recognize the attack with an accuracy of more than 90% compared to the ANN and SVM systems.


[Figures 8 and 9: y-axis, Accuracy of Detection (%); legend includes "CDBN based"]

Figure 8. The accuracy of detecting unobservable FDI Attack with different numbers of the loads

Figure 9. The accuracy of unobservable FDI attacks with different standards deviation of environment noise


Indonesian J Elec Eng & Comp Sci, Vol. 30, No. 1, April 2023: 219-228, ISSN: 2502-4752


5. CONCLUSION 

The utilization of smart grids is expected to increase in the future, especially with the rising demand for electricity. To respond to these requirements, perfect security has to be realized and implemented. Cyber security is one of the most important problems for SG applications that involve data acquisition from intelligent meters. This paper presents artificial intelligence (AI) techniques based on deep learning algorithms to diagnose FDI attacks on smart grids from measurement data in real time. The CDBN architecture is employed to detect unobservable FDI attacks that pass the SVE mechanisms. The IEEE 118 bus and IEEE 300 bus power systems have been used to evaluate our detection scheme. The suggested CDBN scheme is compared with other detection schemes such as ANN and SVM. The simulation results show that our detection method can attain a high accuracy for unobservable FDI attacks.